3loc (>=0.1.0 <=0.4.0), 3scale (>=0.2.0 <=0.6.2) +657 more potentially affected by CVE-2025-25341 via libxmljs (>=0.10.0 <=1.0.9)
libxmljs NPM version =0.10.0, =0.1.0, =0.2.0, =0.3.2, =0.0.1, =4.0.1, =1.10.4, =1.8.1, =1.5.8, =1.5.1, =1.8.3, =0.1.0, =1.0.1, =1.2.0 and more Source cves: CVE-2025-25341 Source advisory: SNYK:JS-LIBXMLJS-14723210...
CVE-2024-12125
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...
CVE-2024-12125 3scale-porta: readonly fields not validated server-side
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...
CVE-2024-12125
The CVE-2024-12125 affects the 3scale Developer Portal. The flaw allows account creation or updates where fields configured as read-only or hidden can be modified, exposing restricted information. Root cause: server-side validation does not enforce read-only/hidden constraints on account operatio...
PT-2025-45387
Name of the Vulnerable Software and Affected Versions: 3scale Developer Portal, affected versions not specified. Description: A flaw exists in the 3scale Developer Portal that could allow account creation or updates through hidden or read-only fields. This allows an attacker to potentially access or...
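The root cause shared by the CVE-2024-12125 entries above is that the server trusts the form to omit read-only and hidden fields instead of enforcing the field definitions itself. The following is an added example, not 3scale code: the field definitions, the account record and the crafted request are constructed, and the vulnerable and hardened update paths are shown side by side.

```ruby
# Added example (not 3scale code): server-side enforcement of read-only and
# hidden account fields. Field definitions, account and request are constructed.
require 'set'

# Hypothetical field definition: name, plus whether the developer portal form
# renders it read-only or hides it entirely.
FieldDef = Struct.new(:name, :read_only, :hidden, keyword_init: true)

ACCOUNT_FIELDS = [
  FieldDef.new(name: 'org_name',     read_only: false, hidden: false),
  FieldDef.new(name: 'country',      read_only: false, hidden: false),
  FieldDef.new(name: 'plan_tier',    read_only: true,  hidden: false), # admins only
  FieldDef.new(name: 'credit_limit', read_only: false, hidden: true)   # never shown
].freeze

# Vulnerable pattern: trusting the client to omit fields the form did not show.
# Everything in the request is applied, so a crafted POST can set plan_tier.
def apply_account_update_vulnerable(account, params)
  account.merge(params.transform_keys(&:to_s))
end

# Hardened pattern: the allow-list is derived from the field definitions on the
# server, so the form's read-only/hidden state has no bearing on what is accepted.
def writable_fields(definitions)
  definitions.reject { |f| f.read_only || f.hidden }.map(&:name).to_set
end

# Returns [updated_account, rejected_keys]; rejected keys are reported so the
# caller can log the attempt rather than silently dropping it.
def apply_account_update(account, params, definitions = ACCOUNT_FIELDS)
  allowed  = writable_fields(definitions)
  params   = params.transform_keys(&:to_s)
  rejected = params.keys.reject { |k| allowed.include?(k) }
  updated  = account.merge(params.select { |k, _| allowed.include?(k) })
  [updated, rejected]
end

if __FILE__ == $PROGRAM_NAME
  account = { 'org_name' => 'Acme', 'country' => 'DE', 'plan_tier' => 'free', 'credit_limit' => 100 }
  # Constructed request: a developer edits the org name but also injects the
  # read-only plan_tier and the hidden credit_limit.
  crafted = { 'org_name' => 'Acme GmbH', 'plan_tier' => 'enterprise', 'credit_limit' => 1_000_000 }

  puts "vulnerable: #{apply_account_update_vulnerable(account, crafted).inspect}"
  updated, rejected = apply_account_update(account, crafted)
  puts "hardened:   #{updated.inspect}"
  puts "rejected:   #{rejected.inspect}"
end
```

The hardened path never consults the request to decide what is writable; it also distinguishes "dropped because disallowed" from "not sent", which is what an audit log needs to spot probing.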
CVE-2024-9671
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed...
PT-2024-39753 · 3Scale · 3Scale
Name of the Vulnerable Software and Affected Versions: 3Scale affected versions not specified Description: A vulnerability was found in 3Scale where there is no authentication mechanism to view a PDF invoice of a Developer user if the URL is known. This allows anyone to see the invoice if the URL...
Malicious code in 3scale-time-range (RubyGems)
Malicious code in 3scale-client (RubyGems)
CVE-2024-0560
A vulnerability was found in 3Scale when used with Keycloak 15 or RH-SSO 7.5.0 and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO...
PT-2024-2635 · Red Hat · 3Scale +2
Name of the Vulnerable Software and Affected Versions: 3Scale versions used with Keycloak 15 or RH-SSO 7.5.0. Description: The issue is related to incorrect handling of insufficient permissions or privileges in the 3Scale API Management software. When the auth type is set to use 3scale oidc issuer...
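The failure mode in the two CVE-2024-0560 entries above is a discovery lookup that reads one field name and returns nothing when the identity provider stops publishing it. The following is an added example, not APIcast code: it resolves the introspection endpoint from an OIDC discovery document, accepting the RFC 8414 `introspection_endpoint` as well as the legacy `token_introspection_endpoint` named in the CVE, and raises instead of returning nil when neither is present. The discovery documents and issuer URL are constructed.

```ruby
# Added example (not APIcast code): resolving the token introspection endpoint
# from an OIDC discovery document and failing closed when it is absent.
require 'json'
require 'uri'

class IntrospectionDiscoveryError < StandardError; end

# RFC 8414 names the field introspection_endpoint; the CVE text says the
# non-standard token_introspection_endpoint was removed in RH-SSO 7.5.
# Accept either, preferring the standard name.
INTROSPECTION_KEYS = %w[introspection_endpoint token_introspection_endpoint].freeze

# Fragile pattern: reads only the legacy key and returns nil once it is gone.
# A caller that treats nil as "introspection not configured" then lets
# unverified tokens through.
def discover_introspection_endpoint_legacy(discovery_json)
  JSON.parse(discovery_json)['token_introspection_endpoint']
end

# Hardened pattern: try every known key, require an https URL on the issuer's
# host, and raise rather than return nil so the policy cannot silently no-op.
def discover_introspection_endpoint(discovery_json, issuer)
  doc = JSON.parse(discovery_json)
  raise IntrospectionDiscoveryError, 'issuer mismatch' unless doc['issuer'] == issuer

  endpoint = INTROSPECTION_KEYS.map { |k| doc[k] }.compact.first
  raise IntrospectionDiscoveryError, 'no introspection endpoint advertised' if endpoint.nil?

  uri        = URI.parse(endpoint)
  issuer_uri = URI.parse(issuer)
  unless uri.scheme == 'https' && uri.host == issuer_uri.host
    raise IntrospectionDiscoveryError, "unexpected introspection endpoint #{endpoint}"
  end
  endpoint
end

ISSUER = 'https://sso.example.com/auth/realms/api'.freeze   # constructed
INTROSPECT_URL = "#{ISSUER}/protocol/openid-connect/token/introspect".freeze

# Constructed discovery documents (not real server output): one that still
# carries the legacy key, one that only carries the standard key, and one
# that advertises no introspection endpoint at all.
OLD_DISCOVERY = JSON.generate({ 'issuer' => ISSUER,
                                'token_introspection_endpoint' => INTROSPECT_URL,
                                'introspection_endpoint' => INTROSPECT_URL })
NEW_DISCOVERY = JSON.generate({ 'issuer' => ISSUER,
                                'introspection_endpoint' => INTROSPECT_URL })
BROKEN_DISCOVERY = JSON.generate({ 'issuer' => ISSUER })

if __FILE__ == $PROGRAM_NAME
  p discover_introspection_endpoint_legacy(OLD_DISCOVERY)   # legacy key present
  p discover_introspection_endpoint_legacy(NEW_DISCOVERY)   # nil: key removed
  p discover_introspection_endpoint(NEW_DISCOVERY, ISSUER)  # standard key used
  begin
    discover_introspection_endpoint(BROKEN_DISCOVERY, ISSUER)
  rescue IntrospectionDiscoveryError => e
    puts "refused: #{e.message}"
  end
end
```

The host check matters because the discovery document is fetched over the network: a policy that introspects against whatever URL the document names would happily POST bearer tokens to a third party if the document were tampered with.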
CVE-2023-4910
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...
CVE-2023-0456
A flaw was found in APIcast: 3scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
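One way a "mismatched token from a separate realm" gets accepted is when the gateway selects the verification key from the token's own `iss` claim, so any realm it knows about can mint tokens for an API that should be bound to one realm. The following is an added example, not APIcast code, and the mechanism is an assumption about how such a mismatch arises, not a description of the CVE's internals. It signs and verifies HS256 tokens with OpenSSL so it runs offline; the issuer URLs and per-realm secrets are constructed, and a real gateway would verify RS256 against each realm's JWKS.

```ruby
# Added example (not APIcast code): binding an API to one OIDC realm and
# rejecting tokens issued by a sibling realm on the same SSO server.
require 'openssl'
require 'json'

class TokenRejected < StandardError; end

# Constructed: one shared secret per realm. Stands in for per-realm JWKS.
REALM_SECRETS = {
  'https://sso.example.com/auth/realms/api'   => 'api-realm-secret',
  'https://sso.example.com/auth/realms/other' => 'other-realm-secret'
}.freeze

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str + '=' * ((4 - str.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0').force_encoding('UTF-8')
end

# Mint a compact JWS with HS256 (used here only to build test tokens).
def hs256_token(claims, secret)
  signing_input = "#{b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))}.#{b64url(JSON.generate(claims))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))}"
end

def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Split and sanity-check the token; returns the three segments and the claims.
def parse_token(token)
  header_b64, payload_b64, sig_b64 = token.split('.', 3)
  raise TokenRejected, 'malformed token' if sig_b64.nil? || sig_b64.empty?
  header = JSON.parse(b64url_decode(header_b64))
  raise TokenRejected, "unsupported alg #{header['alg']}" unless header['alg'] == 'HS256'
  [header_b64, payload_b64, sig_b64, JSON.parse(b64url_decode(payload_b64))]
rescue JSON::ParserError, ArgumentError => e
  raise TokenRejected, "malformed token: #{e.message}"
end

def check_signature!(header_b64, payload_b64, sig_b64, secret)
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{payload_b64}")
  raise TokenRejected, 'bad signature' unless constant_time_equal?(expected, b64url_decode(sig_b64))
end

def check_exp!(claims, now)
  raise TokenRejected, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
end

# Vulnerable pattern: the key is looked up from the token's own iss claim, so a
# valid token from any realm the gateway knows about is accepted for this API.
def verify_token_any_known_realm(token, now: Time.now.to_i)
  header_b64, payload_b64, sig_b64, claims = parse_token(token)
  secret = REALM_SECRETS[claims['iss']]
  raise TokenRejected, 'unknown issuer' if secret.nil?
  check_signature!(header_b64, payload_b64, sig_b64, secret)
  check_exp!(claims, now)
  claims
end

# Hardened pattern: the API is bound to exactly one realm. iss must equal that
# realm's issuer string (no prefix match) before the key is even selected.
def verify_token_for_realm(token, realm_issuer:, now: Time.now.to_i)
  header_b64, payload_b64, sig_b64, claims = parse_token(token)
  unless claims['iss'] == realm_issuer
    raise TokenRejected, "issuer #{claims['iss'].inspect} is not #{realm_issuer}"
  end
  check_signature!(header_b64, payload_b64, sig_b64, REALM_SECRETS.fetch(realm_issuer))
  check_exp!(claims, now)
  claims
end
```

Note the exact string comparison on `iss`: a prefix or substring match would also accept `.../realms/api-staging` or any realm whose name contains the expected one.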
CVE-2021-3814
It was found that 3scale's APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...
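The pattern behind CVE-2021-3814 is a "try token, then try session" chain in which an invalid token is indistinguishable from no token, so the request silently inherits whatever the ambient browser session grants. The following is an added example, not 3scale code: the token and session stores are constructed in-memory hashes, and the fall-through chain is shown next to a fail-closed one.

```ruby
# Added example (not 3scale code): an authentication chain that fails closed
# when a presented access token is invalid instead of falling through to the
# browser session. Token and session stores are constructed.

class AuthFailed < StandardError; end

ACCESS_TOKENS = { 'tok-dev1-valid' => 'dev1' }.freeze   # constructed token -> user
SESSIONS      = { 'sess-admin' => 'admin' }.freeze       # constructed session -> user

Request = Struct.new(:authorization, :session_id, keyword_init: true)

def bearer_token(request)
  m = /\ABearer (\S+)\z/.match(request.authorization.to_s)
  m && m[1]
end

# Vulnerable pattern: an invalid token yields nil, and nil falls through to the
# session lookup, so a forged token plus an admin session acts as admin.
def authenticate_fallthrough(request)
  token = bearer_token(request)
  user = ACCESS_TOKENS[token] if token
  user ||= SESSIONS[request.session_id]
  user or raise AuthFailed, 'unauthenticated'
end

# Hardened pattern: the credential the client chose to present is the one that
# is evaluated. A present-but-invalid token is a hard failure; the session is
# consulted only when no Authorization header was sent at all.
def authenticate_strict(request)
  header = request.authorization
  if header && !header.empty?
    token = bearer_token(request)
    raise AuthFailed, 'malformed Authorization header' if token.nil?
    return ACCESS_TOKENS.fetch(token) { raise AuthFailed, 'invalid access token' }
  end
  SESSIONS.fetch(request.session_id) { raise AuthFailed, 'unauthenticated' }
end

if __FILE__ == $PROGRAM_NAME
  probe = Request.new(authorization: 'Bearer tok-forged', session_id: 'sess-admin')
  puts "fallthrough: #{authenticate_fallthrough(probe)}"   # admin
  begin
    authenticate_strict(probe)
  rescue AuthFailed => e
    puts "strict: #{e.message}"
  end
end
```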
Red Hat 3scale security vulnerability
Red Hat 3scale is a suite of API Application Programming Interface lifecycle management software from Red Hat. A security vulnerability exists in the Red Hat 3scale amp-system. No information is available at this time about this vulnerability, so please stay tuned to CNNVD or the vendor's...
3Scale security vulnerability
Red Hat 3Scale is a suite of API (Application Programming Interface) lifecycle management software from Red Hat. A security vulnerability exists in 3Scale. It was found that all versions of the 3Scale Developer Portal lack brute force protection...
Malicious Package
Overview: 3scale-client is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run malicious 3rd-party scripts. It replaced genuine packages using an underscore (_) and replaced it with a hyphen (-) and vice versa. Remediation: Avoid using 3scale-client...
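The squatting pattern named above (a genuine name with `_` swapped for `-` or the reverse) is mechanical enough to check for in a dependency manifest. The following is an added example, not from the advisory or any 3scale tooling: it canonicalises separators, compares resolved gem names against a trusted list, and pulls names out of a Gemfile.lock `specs:` section. The trusted list and the lockfile are constructed; the only transformation checked is separator confusion, not edit-distance lookalikes.

```ruby
# Added example (not from the advisory): flag package names that differ from a
# trusted package only by swapping '_' and '-' (or '.'). Inputs are constructed.

TRUSTED_GEMS = %w[3scale_client 3scale_toolbox 3scale_time_range].freeze   # constructed

# Canonical form: all separator variants collapsed so that "3scale-client",
# "3scale_client" and "3scale.client" compare equal.
def canonical_name(name)
  name.downcase.tr('_.', '--')
end

# Returns { candidate => trusted name it collides with }. Exact matches are not
# collisions; only names that canonicalise to a trusted name while differing
# from it literally are reported.
def separator_squats(candidates, trusted = TRUSTED_GEMS)
  index = trusted.each_with_object({}) { |t, h| h[canonical_name(t)] = t }
  candidates.each_with_object({}) do |c, found|
    match = index[canonical_name(c)]
    found[c] = match if match && match != c
  end
end

# Pull the resolved gem names out of a Gemfile.lock `specs:` section, where
# each resolved gem is a line indented four spaces: "    name (version)".
# Dependency lines under each gem are indented six spaces and are skipped.
def lockfile_gems(lockfile_text)
  lockfile_text.scan(/^    (\S+) \(/).flatten.uniq
end

# Constructed Gemfile.lock fragment (not a real project's lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      3scale-client (0.1.0)
        rack (>= 2.0)
      3scale_toolbox (1.0.0)
      rack (3.0.8)
LOCK

if __FILE__ == $PROGRAM_NAME
  gems = lockfile_gems(SAMPLE_LOCK)
  puts "resolved: #{gems.inspect}"
  separator_squats(gems).each do |suspect, genuine|
    puts "SUSPECT #{suspect}: separator variant of trusted gem #{genuine}"
  end
end
```

Run it against a real lockfile with `lockfile_gems(File.read('Gemfile.lock'))` and a trusted list of the gems your organisation actually publishes or depends on.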
CVE-2019-14849
A vulnerability was found in 3scale before version 2.6: it did not set the HttpOnly attribute on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information...
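Two entries on this page are response-hardening misses on the same kind of page: CVE-2023-4910 (the personal tokens page is served from the browser cache after logout because nothing forbade caching) and CVE-2019-14849 (the session cookie lacked HttpOnly). The following is one added example serving both, not 3scale code: it operates on a plain headers Hash so it runs without Rack, but the same logic fits a Rack middleware's `call`. The session cookie name `_session_id` and the sample headers are assumptions.

```ruby
# Added example (not 3scale code): hardening a response for a page that shows
# personal tokens. Forbids caching so a back-button navigation after logout
# cannot replay the page, and forces HttpOnly/Secure/SameSite on the session
# cookie. Header values and the cookie name are constructed.

NO_STORE = 'no-store, no-cache, must-revalidate, max-age=0'.freeze
SESSION_COOKIE = '_session_id'.freeze   # hypothetical session cookie name

# Append a cookie attribute unless an attribute with the same name is already
# present (comparison is on the name before '=', case-insensitive, so an
# existing SameSite=Strict is left alone when SameSite=Lax is requested).
def with_cookie_attr(set_cookie, attr)
  name    = attr.split('=', 2).first.downcase
  present = set_cookie.split(/;\s*/).drop(1).any? { |a| a.split('=', 2).first.downcase == name }
  present ? set_cookie : "#{set_cookie}; #{attr}"
end

# Returns a new headers Hash; the input is not mutated.
def harden_response(headers, sensitive:)
  out = headers.dup
  if sensitive
    out['Cache-Control'] = NO_STORE
    out['Pragma']        = 'no-cache'   # HTTP/1.0 caches and old proxies
    out['Expires']       = '0'
  end
  cookies = Array(out['Set-Cookie'])
  unless cookies.empty?
    out['Set-Cookie'] = cookies.map do |c|
      next c unless c.start_with?("#{SESSION_COOKIE}=")
      %w[HttpOnly Secure SameSite=Lax].reduce(c) { |acc, a| with_cookie_attr(acc, a) }
    end
  end
  out
end

# True when a browser may satisfy a back-button navigation from its cache,
# which is the CVE-2023-4910 condition.
def cacheable_after_logout?(headers)
  !headers['Cache-Control'].to_s.downcase.include?('no-store')
end

# True when the session cookie can be read by script, the CVE-2019-14849 condition.
def session_cookie_script_readable?(headers)
  Array(headers['Set-Cookie']).any? do |c|
    c.start_with?("#{SESSION_COOKIE}=") &&
      c.split(/;\s*/).drop(1).none? { |a| a.casecmp?('HttpOnly') }
  end
end

if __FILE__ == $PROGRAM_NAME
  before = { 'Content-Type' => 'text/html', 'Set-Cookie' => '_session_id=abc123; Path=/' }
  after  = harden_response(before, sensitive: true)
  puts "before: cacheable=#{cacheable_after_logout?(before)} script_readable=#{session_cookie_script_readable?(before)}"
  puts "after:  cacheable=#{cacheable_after_logout?(after)} script_readable=#{session_cookie_script_readable?(after)}"
  puts after['Set-Cookie'].inspect
end
```

`no-store` is the directive that matters for the back-button case; `no-cache` alone still permits the browser to keep a copy and revalidate, and some back/forward navigations do not revalidate at all.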